How to tell if a QR code is safe to scan

Privacy news
13 mins
  • QR codes were invented in 1994, but it wasn’t until almost a decade later that they became mainstream.
    .
  • QR code usage has increased rapidly, making them a popular tool for hackers to spread malware or steal personal information.
    .
  • QR codes have seen the highest adoption rates in Asia, where they were created. China is a world leader in QR code usage.
    .
  • The dangers of QR codes lie in their design, as malicious codes can be found anywhere and cannot be distinguished from legitimate ones.
    .
  • Learn how to safeguard your privacy with our tips on how to stay clear of QR code scams.

QR codes are like modern-day keys that can unlock a wealth of information with just a scan. These codes have become ubiquitous, appearing on advertisements, restaurant menus, and even government documents. However, just as you wouldn’t blindly use a key to access a door without knowing what’s behind it, it’s important to exercise caution when scanning QR codes. 

In recent years, QR code usage has skyrocketed, making them a popular tool for hackers to spread malware or steal personal information. Even with all the common online security tools at your disposal—a VPN, a firewall, encrypted services—they won’t shield you from the human error of scanning a malicious QR code. In this guide, we’ll give you the necessary tips to safely scan QR codes and protect yourself from potential risks. 

What are QR codes?

QR codes, or Quick Response codes, were developed as a solution to the limitations of traditional barcodes. Unlike barcodes, which are scanned in a line and can only store data in one dimension, QR codes can be scanned both horizontally and vertically, allowing it to store a much larger amount of data in a single code.

QR codes contain all sorts of information. For example, you might see a QR code on a poster or a product, and when you scan it with your phone camera, it could take you to a website, show you more information about the product, or even give you someone’s contact details.

Used for everything from billboard advertisements to parcel delivery tracking and making payments, QR codes offer great versatility. They can be printed on a variety of materials like paper, plastic, or metal, And you can scan them from many different angles and distances. They’re a quick and easy way to give people immediate access to information.

5 different types of QR codes

Not many people are aware that there are different types of QR codes around. The pixels and modules in each QR code can vary depending on the length and type of characters that are embedded in it.

Here are the five main types of QR codes:

1. Model1 and Model2 codes

These are the standard QR codes commonly found on menus, posters, and flyers for sharing information. Model1 is an older version with a smaller capacity, up to 1,167 numerals. Model2 on the other hand, has a larger capacity, up to 7,089 numerals.

2. Micro QR codes

As its name suggests, this QR code is much smaller than Model1 or Model2 codes, and as such, stores less information, too. Due to its small size, this type of QR code is commonly used for production purposes on small electronic devices. For example, a manufacturer might place this QR code on a smartphone battery for machinery in the production line to read it.

3. rMQR codes

Otherwise known as the rectangular format QR code, the rMQR is generally used on shipping labels to save space and make it easier for warehouse workers to scan them. Despite its small size, the rMQRs can hold up to 219 alphanumeric, 361 numeric, and 92 kanji characters.

4. Secure QR codes (SQRC)

SQRCs are essentially QR codes that store both public and private information. While anyone can scan the code easily to reveal public information, they’ll need a password if they want to access anything else. So, if you’re dealing with sensitive information like financial details or medical records, SQRC is your best bet for keeping it safe and sound.

5. Frame QR codes

A frame QR code has a space in the middle for an image, similar to a photo frame. This code is mostly used for marketing purposes, allowing you to incorporate a logo or your picture.

More people are scanning QR codes than ever before

QR codes were invented in 1994, but it wasn’t until almost a decade later that they became mainstream. It was only when more advanced mobile technology, particularly high-definition cameras, became available that QR codes started to be widely used. Additionally, the availability of faster and more stable internet connections also played a crucial role in the popularization of QR codes.

However, the recent pandemic spurred QR code usage further. As social distancing restrictions were imposed, people sought contactless ways to access information and services. QR codes provided an ideal solution, allowing consumers to scan codes using their phones to perform tasks like ordering food in a restaurant, rather than having to flip through menus handled by many. Additionally, the isolation of Covid-19 forced many people to get comfortable using digital technology, which further fueled the adoption of QR codes.

According to recent research from Statista, the percentage of phone users who scanned a QR code increased by 26% in the last two years, reaffirming how much society has embraced this technology.

It’s likely that we will continue to see these little black-and-white patterns emerge in various aspects of our daily lives thanks to their availability and ease of use. In fact, eMarketer has predicted that the number of QR code scans will increase by 19% by 2025, compared to statistics recorded in 2022, with an expected 100 million scans. 

However, the adoption of QR codes varies among regions.

Asia leads QR adoption, followed by North America

Not surprisingly, nations with a tech-savvy culture, extensive use of QR codes in marketing and advertising, and increasing use of QR codes for mobile payments are the most enthusiastic adopters of QR codes. 

In fact, QR codes have seen the highest adoption rates in Asia, where they were created. China, for example, is a world leader in QR code usage—half of Chinese consumers scan QR codes several times a week, with residents using them for everything from saving spots in line to setting up dates. 

However, payments are where consumers are using QR codes the most. Scan-to-pay transactions in China have surged by 26% year-on-year since 2021—a statistic fueled by the pandemic. This trend is reflected across the whole of the Far East. 

According to Statista, the region is expected to transact over 2.2 trillion USD via QR codes in 2023 alone. This is followed by North America, whose consumers are set to use QR codes to pay for goods and services to the value of 15.4 billion USD, and Latin America that’s set to use QR codes to transact over 3.4 billion USD.

Europe is slower to adopt QR codes than other regions, with the nation expected to spend 1.8 billion USD transacting with QR codes. However, recent data shows it is slowly gaining momentum with twice as many users in Europe now using QR codes compared to 2018. 

Why are hackers using QR codes to scam?

With the rise in QR code usage, hackers and scammers have seized the opportunity to exploit this trend and obtain valuable personal data with minimal effort through QR code-related scams.The dangers of QR codes lie in their design, as malicious codes can be found anywhere and cannot be distinguished from legitimate ones—making it impossible to detect fraudulent codes just by looking at them. Additionally, the absence of a central authority authorizing QR codes means that anyone with basic tech skills can create them for free using readily available code-generating tools online.

QR codes can also reveal a wealth of information about their users, putting their privacy at greater risk beyond personal and financial data. By scanning a single QR code, scammers can find out where their victims are located, what browser they’re using, and their browsing history. More concerningly, they can access personal data like full names, addresses, and banking information, which can reach high prices when sold on the dark web.

QR code fraud is on the rise

With the rise in QR code usage, hackers and scammers have seized the opportunity to exploit this trend and obtain valuable personal data with minimal effort. The dangers of QR codes lie in their design, as malicious codes can be found anywhere and cannot be distinguished from legitimate ones—making it impossible to detect fraudulent codes just by looking at them. Additionally, the absence of a central authority authorizing QR codes means that anyone with basic tech skills can create them for free using readily available code-generating tools online. 

QR codes can also reveal a wealth of information about their users, putting their privacy at greater risk beyond personal and financial data. By scanning a single QR code, scammers can find out where their victims are located, what browser they’re using, and their browsing history. More concerningly, they can access personal data like full names, addresses, and banking information, which can reach high prices when sold on the dark web. 

Most common QR code scams

To help safeguard your privacy, it’s important to be aware of the most common ways scammers use malicious QR codes. 

1. Fraudsters are exploiting restaurant QR codes 

QR code menus and payments are revolutionizing the way restaurants and cafes operate. Not only do they offer a more hygienic option for customers, but they also help establishments provide faster service and avoid the work of updating physical menus. In fact, a recent study found that 53% of restaurants in the U.S. have already made the switch to QR code menus. This trend is particularly popular among Gen Z and Millennials customers, who are more inclined to embrace new technological solutions and opt for contactless payment methods. 

Many restaurants started implementing QR codes in 2020 amid the pandemic and, according to the Restaurant Readiness Index report, 33% of owners believe they will positively impact future success. 

However, scammers can easily tamper with QR codes on menus and ordering sites, replacing them with fraudulent ones that redirect customers to fake websites that look similar and are designed to harvest personal data or redirect payments to rogue accounts. 

Interestingly, despite the growing frequency of QR code financial scams in the industry, people still feel the safest scanning QR codes in supermarkets and restaurants. However, they feel significantly less secure when using QR codes in gyms and while traveling.

2. The risks of public Wi-Fi and sharing network access

QR code scammers often target public places such as cafes and restaurants because of the easy access it provides to tamper with QR code menus and Wi-Fi hotspots. While connecting to an open network always carries some risk, QR codes make it easier for scammers to hide their traces and cause more damage. Cybercriminals often set up fake Wi-Fi hotspots with names that resemble the Wi-Fi network of a public place you want to connect to. However, in most cases, this scam is detectable if you take a closer look at the network name. In contrast, you won’t be able to look out for warning signs when accessing the network through a QR code. 

3. The hidden dangers of smart packaging

QR codes on products have become increasingly popular in recent years, essentially replacing warranty registration forms and user manuals. Brands can benefit from this technology by using it to display product information transparently, gather feedback data, and improve the overall customer experience. 

However, the increased use of QR codes in online shopping and logistics has also attracted scammers looking to exploit the trend. Cybercriminals often send phishing emails disguised as automated logistics company emails to trick customers into clicking on QR codes that redirect them to bogus websites designed to steal personal information. In some cases, scammers even send physical gifts or packages, claiming to be from known shops to further deceive customers.  

4. The dark side of financial QR code transactions 

QR codes have brought about improvements in the security and speed of financial transactions through their end-to-end encryption and PIN-less cash withdrawal features. However, they have also become a target for scammers seeking to drain users’ bank accounts without getting noticed. 

There are several ways that cybercriminals use QR codes to target users’ bank accounts, with one of the most common being the tampering of legitimate QR codes used for easy payments in public places, such as parking meters, gas stations, and cafes. In 2021, police in San Antonio in the U.S. issued a public warning to notify citizens of fraudulent QR code stickers stuck over legitimate ones, that were causing people to send funds to malicious third-party vendors.

Even though transferring small amounts of money for parking or coffee may not cause significant financial damage, fraudsters can use the data they steal from accounts to cause more harm over time. 

For example, last month in Honolulu, Hawaii, city crews had to remove counterfeit parking payment stickers that were affixed to parking meters. These stickers looked like the real parking payment stickers issued by the city, but instead directed drivers to a fake website called ParkSmarter.app, which asked for payment and personal information. The amount of money that was lost as a result of this scam is unclear, as the stickers were taken down before authorities could determine the extent of the damage.

Another common financial fraud involving QR codes is crypto scams. Fraudsters lure victims with promises of discounted or free cryptocurrency coins. But after scanning the QR code, they’re often redirected to malicious sites designed to harvest their crypto wallet details. 

Social media platforms have become a primary channel for crypto QR code fraud. Scammers often impersonate well-known crypto experts or trustworthy individuals to carry out targeted attacks. They entice victims with QR codes promising free bitcoins or discounts, and use these tactics to lure unsuspecting victims into the trap. In 2022, the U.S. Federal Trade Commission reported that 32% of all crypto scams were carried out on Instagram alone, leading U.S. senators to send a joint letter to Meta’s CEO, Mark Zuckerberg, requesting specific actions to protect users on Meta’s social media platforms and educate them on the risks.  

5. QR codes in healthcare and medical fraud

As healthcare continues to adapt to the fast-paced online environment, it’s crucial for patients to be able to differentiate between valuable, trustworthy information and scams seeking to misinform and deceive them. QR codes have become an important tool for pharmaceutical companies to ensure the safe use of drugs by providing transparent information about the manufacturing process, drug content, expiry dates, dosage, and safety measures. 

During the COVID-19 pandemic, QR codes played an essential role in tracking and analyzing patients’ health conditions and the spread of the virus more efficiently. With the implementation of QR codes showing satisfactory results and patients using them more regularly, healthcare institutions are now embracing technology for broader use cases.

However, the healthcare industry is not immune to QR code scams. Criminals are using fake QR codes offering medical information to trick patients into giving away sensitive data such as Social Security numbers. 

How to avoid malicious QR codes

While QR codes themselves are considered secure by cybersecurity experts, the context in which they’re used can pose risks to users. For example, QR codes that redirect users to malicious sites can compromise their privacy. Therefore, it’s essential to scan with caution. 

Check out our slideshow below on tips for staying clear of scam QR codes:

FAQ: About QR codes

Is Google QR code generator free?
How do I make a QR code for a link?
Can I scan a QR code without an app?
Do all phones recognize QR codes?
What is the safest QR app?
Phone protected by ExpressVPN.
Privacy should be a choice. Choose ExpressVPN.

30-day money-back guarantee

A phone with a padlock.
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?